Brute force SSH login attempts

I’ve always been pretty confident just using denyhosts to prevent people running brute force ssh login attempts against my servers but now with this from securityfocus – http://www.securityfocus.com/news/11518 – I think I’ll also be changing the port number that SSH is listening on.

The report says that there are now large distributed brute force ssh attempts coming from multiple IP addresses. This means that utilities that are blocking login attempts from hosts that have made multiple failed attempts are not going to help.